Re: [Openvpn-devel] [PATCH] cppcheck finding: add "ASSERT( maxoutput > 0 || separator != NULL )" to prevent possible null pointer derefence

> > Hello, > > this defect was found by cppcheck, however cppcheck still complains. > so, we did not make it happy yet. > > I think, the best would be split this function into 2 separate functions > (with either null argument) or leave it like that. Unrelated to an actual fix, IMHO we should at

Re: [Openvpn-devel] [RFC] - Enable 2FA to be used with renegotiations

> > The patch-set can be found here: > > > > And the git tree can be found here: >

Re: [Openvpn-devel] Time to change the default cipher?

Hi > On Mon, Aug 29, 2016 at 08:45:52PM +0200, Jan Just Keijser wrote: >> uhoh: https://sweet32.info/ >> >> shall we change the default cipher in the master tree to AES-256 (if not >> done so already) ? > > […] > OTOH, what we could do is: indeed *change+ the default, and add a big fat > wa

Re: [Openvpn-devel] [PATCH (master)] Drop gnu89/c89 support, switch to c99

Hi all, hopefully this message is not completely garbled by Apple Mail ... > > > […] > > Just some more benchmarks. I just compiled successfully with -std=c99 > on an old Scientific Linux 6.5 (RHEL 6.5 clone) I found. Another > important detail, RHEL5 will reach the "End of Production" phas

Re: [Openvpn-devel] [PATCH] Another fix related to unit test framework

> >> IMO, the unit testing patches shouldn't have been merged into the release >> branch > > I have discussed this with David (after the fact, meh) and we couldn't > really come to an conclusion on this - but since you and Jens now both > argue that way (and especially Jens as the original auth

Re: [Openvpn-devel] travis-ci (smoke testing)

Hi > > Hello, > > I was impressed by unit testing efforts, so I suggest to implement something > like that > > https://travis-ci.org/chipitsine/openvpn/builds/135318558 > > > ( https://github.com/OpenVPN/openvpn/pull/52 >

Re: [Openvpn-devel] [PATCH] Another fix related to unit test framework

… > IMO, the unit testing patches shouldn't have been merged into the release > branch I agree. This patch was in retrospective clearly not ready for a release branch. A lot of people spend time to hot fix a broken build. My root cause analysis boils down to: Developers cannot detect multi

Re: [Openvpn-devel] [PATCH 1/2] Refactor t_client.sh

... > > The buildmaster part is not documented anywhere. I have shared the master > config once when someone requested it - there is nothing inherently private > in there, once the passwords are removed. Setting up buildmaster + > buildslaves could definitely be automated, but it would be a ra

Re: [Openvpn-devel] [PATCH 1/2] Refactor t_client.sh

Hi, > I'd prefer to keep the actual buildslave infrastructure private, with access > granted to only a select few. We already get email notifications to a public > list for each build failure. Is there some kind of instruction to “reproduce” the build infrastructure? Some kind of document or -

Re: [Openvpn-devel] [PATCH 1/2] Refactor t_client.sh

Gert, Samuli […] > > My buildbots test on "all the BSDs" (Free, Net, Open, and they have a > /bin/sh which is "It only supports features designated by POSIX plus a few > Berkeley extensions") and OpenSolaris 11 (ksh93). Samuli's buildbot > test on various Linux variants, so "dash" should work.

Re: [Openvpn-devel] Solaris 11: t_lpback.sh coredump on AES-GCM

Hi Gert, openssl is a joy to work with :-/ [snip] > Ceterum censeo: I acknowledge that something is funny here, but I do not > think it's OpenVPN's fault (otherwise it should show up for me), so not > much we can do about it. A broken ssl library and openvpn - What could possibly go wrong? B

Re: [Openvpn-devel] Solaris 11: t_lpback.sh coredump on AES-GCM

Hi Gert, > Hi, > > On Sat, May 21, 2016 at 07:05:01PM +0200, Jens Neuhalfen wrote: >> ./t_lpback.sh fails with AES-GCM mode on Solaris 11. CRYPTO_gcm128_setiv >> from libcrypto seems to jump into NULL pointer country. > > Oh, interesting. My OpenSSL on the OpenSo

[Openvpn-devel] Solaris 11: t_lpback.sh coredump on AES-GCM

Hi, ./t_lpback.sh fails with AES-GCM mode on Solaris 11. CRYPTO_gcm128_setiv from libcrypto seems to jump into NULL pointer country. This is currently no issue for me, but in case anyone cares I put the coredump on https://www.neuhalfen.name/__downloads__/openvpn/core_solaris11_aes-gcm_crash

Re: [Openvpn-devel] [PATCH 1/2] Refactor t_client.sh

Hi Gert, [snip] > Generally speaking, I'm in favour of reworking t_client.sh and making > the output more readable, etc. - it was a quick hack, and more polishing > would be welcome. > > I'm not exactly sure about the shell constructs you use, specifically > arrays and varaible declarations - is

Re: [Openvpn-devel] Test documentation: What does t_cltsrv.sh do?

Gert, please be so kind and review this README intended to go in openvpn/tests OpenVPN tests = OpenVPN utilizes three types of tests * Unit testing with cmocka * Loopback integration testing * VM/Server based integration testing ## Unit testing Unit testing is described in [unit_t

[Openvpn-devel] Test documentation: What does t_cltsrv.sh do?

Hi, in my quest to bring better testability to OpenVPN I am documenting some of the test cases. * t_client.sh runs connect & ping tests against servers * t_lpback.sh runs the built-in crypto tests * Can anybody tell me what ’t_cltsrv.sh’ tests? Cheers Jens

Re: [Openvpn-devel] [PATCH] Prevent integration test timeout bc. of sudo

Hi Gert, […] > > Git isn't liking the way you send your patches - I'll apply it manually > (because it makes sense), but please take a look at "git send-email", > which will ensure that patches and mail headers, blank encoding, and > everything is perfect? > > If I try to feed your mail into "g

[Openvpn-devel] [PATCH] Prevent integration test timeout bc. of sudo

From 885471cf0c9918a8a7edbae2b8985e2321aff739 Mon Sep 17 00:00:00 2001 From: Jens Neuhalfen List-Post: openvpn-devel@lists.sourceforge.net Date: Sun, 8 May 2016 18:17:48 +0200 Subject: [PATCH] Prevent integration test timeout bc. of sudo Integration tests run by t_client.sh use sudo to run

Re: [Openvpn-devel] automatically close PR

Hi Ilya, > > > Hello, > > it is not very ethical to allow people to open PR in order to say later "hey, > you know, we do not accept PR” Thanks for bringing that up! > > I suggest to enable https://nopullrequests.appspot.com/ > on https://github

Re: [Openvpn-devel] SPAM on trac

AND some (all?) pages have attachments that are very likely malicious! > On 29 Apr 2016, at 16:13, Jens Neuhalfen wrote: > > My bad - the 3 year old change was the creation of the index age. I fact the > SPAM stems from lots of subpages created, and subsequently picked up by the

Re: [Openvpn-devel] SPAM on trac

> On 29 Apr 2016, at 15:56, debbie10t wrote: > > Last change of the page was 3 minutes ago when I first noticed it .. > > > On 29/04/16 14:41, Jens Neuhalfen wrote: >> *very* bad, because apparently this happened 3 years ago, or trac is broken >> (Last change of th

[Openvpn-devel] [PATCH] ignore the local config file t_client.rc in git

From e343a78173ad2b3d31384ece1e7fe245215a5c72 Mon Sep 17 00:00:00 2001 From: Jens Neuhalfen List-Post: openvpn-devel@lists.sourceforge.net Date: Fri, 29 Apr 2016 13:16:36 +0200 Subject: [PATCH] ignore the local config file t_client.rc in git t_client.rc is a config file used in integration tests

Re: [Openvpn-devel] [PATCH 1/2] add test servers to use with t_client.sh

Hi everyone, I reworked the scripts, and put them in a PR for comments: https://github.com/OpenVPN/openvpn/pull/45 <https://github.com/OpenVPN/openvpn/pull/45> cheers Jens > On 23 Apr 2016, at 17:48, Jens Neuhalfen wrote: > > Hi, > > this patch will add tes

Re: [Openvpn-devel] Request for comment: Adding unit tests to openvpn

/OpenVPN/openvpn/pull/44 <https://github.com/OpenVPN/openvpn/pull/44> As always: I’ll send the patches to the list, after I got some comments (or per request). Cheers Jens > On 27 Apr 2016, at 20:55, Jens Neuhalfen wrote: > > Hi, > > I put together a set of patches

[Openvpn-devel] Request for comment: Adding unit tests to openvpn

Hi, I put together a set of patches that add unit testing support for openvpn. To make comments easier I put them together as pull request on github. Please review the patch and point out points of improvement. After that I will post the “real” patches to the list. https://github.com/OpenVPN/o

[Openvpn-devel] [PATCH 2/2] add script to launch t_client.sh against a VM

This script will prepare (compile and start openvpn) a vm, run t_client.sh against it, and then halt the VM. 0002-add-script-to-launch-t_client.sh-against-a-VM.patch Description: Binary data

[Openvpn-devel] [PATCH 1/2] add test servers to use with t_client.sh

Hi, this patch will add test servers to use with t_client.sh. This will make testing on different systems much easier. Bonus: testing on a laptop is a breeze. Virtual machines are defined by [Vagrant](https://www.vagrantup.com) scripts. Virtualbox is used for virtualisation. Each of the virt

Re: [Openvpn-devel] [PATCH] auth-pam:Fix buffer overflow by user supplied data

Hi Gert, […] *sigh*. Thanks for finding out && providing the patch! Learning: Try on multiple machines (It “compiles on my machine [Mac]” apparently is not enough) My test vm (precise) fails with the same error. Jens > While this looks totally reasonable, it does not compile... both in >

Re: [Openvpn-devel] Unit testing in openvpn?

Hi Arne, […] >> > The problem with unit tests and existing software is that, if the > software hasn't been written with testing in mind, it is often hard > without major refactoring to do the small java style unit tests. Also > someone has to write these unit tests and free time is currently spa

Re: [Openvpn-devel] Unit testing in openvpn?

Hi Samuli, […] > I think the first step would be to identify the places where unit tests could > be implemented easily (if any), and where they would do most good. If > something falls to both of these categories then writing a unit test there > would probably make sense. The first candidate